Does This Sound Familiar?

Now that over a week has passed since this Economist article was published, I wanted to cite it and ask if the problem it describes sounds familiar:

Globally, shrinkage [(losses from shoplifting, theft by workers and accounting errors)] cost retailers $107 billion in the year to June. This was 5.6% less than the previous year, but still the equivalent of 1.36% of sales...

When it comes to thwarting thieves, shop-owners are on their own. In most countries the criminal justice system has all but given up trying to punish shoplifters... So retailers install CCTV cameras, attach so-called electronic article surveillance tags to their wares, train their staff to spot thieves and screen workers for criminal records before hiring them. This year retailers spent $26.8 billion, or 0.34% of sales, on preventing theft.

Some dismiss shoplifting simply as a cost of doing business. Yet it can be serious. Some shoplifters work in organised gangs. Some turn violent when interrupted. Some, especially those who are hooked on drugs, are persistent and prolific.

And all impose a cost on honest shoppers. Theft inflates the average family’s annual shopping bill by $186.


How many of us in the cyber world thought we were the only ones "on our own" fighting adversaries?

The critical difference between shrinkage and digital intrusions is that retailers can measure losses because their products all bear price tags. Maybe businesses could help security professionals by putting "labels" on information assets? Even a WAG would help!

Comments

Robert Dana said…
I think the parallel is very apt (ahem) and goes deeper than what is mentioned in this story.

"Organized Retail Crime" (or ORC) is the term used in the Loss Prevention world to describe the phenomenon of methodical shoplifting rings that have become a major problem in recent years.

They identify specific merchandise they are interested in acquiring (things that are most easily fenced) and then use intelligence gathered from store employees to figure out the most efficient way to get at it.

They take advantage of standardized operations in national retailers to successfully execute the same theft over and over again, moving from one city to another before the store's audits even discover the losses.

They reduce risks by using multiple boosters to hit the same store, and staying under the felony limit on each individual outing.

In other words, the ORC rings are intelligent adversaries, and operate in a very disciplined and methodical fashion, which they adjust as retailers change their own tactics.

The retailers have figured out that information sharing is a key to fighting this threat. In a traditionally extremely competitive market, retailers are increasingly building local and national networks to share intelligence about thefts, with the NRF's LERPNet being the largest and most visible.

So yes... this sounds pretty familiar!

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics